Daemon.warn dnsmasq[2146]: reducing DNS packet size for nameserver 127.0.0.1 to 1280

Last night I ran

firstboot && reboot now

and reworked my router from scratch because I've been practicing configuring it. I installed stubby using this guide: https://candrews.integralblue.com/2018/08/dns-over-tls-on-openwrt-18-06/

I also installed some DDNS packages to run my WireGuard PiVPN.

My router System Log is flooded with the following message occurring all the time:

Tue Jul 21 12:18:31 2020 daemon.warn dnsmasq[2146]: reducing DNS packet size for nameserver 127.0.0.1 to 1280
Tue Jul 21 12:22:44 2020 daemon.warn dnsmasq[2146]: reducing DNS packet size for nameserver 127.0.0.1 to 1280
Tue Jul 21 12:27:33 2020 daemon.warn dnsmasq[2146]: reducing DNS packet size for nameserver 127.0.0.1 to 1280
Tue Jul 21 12:29:19 2020 daemon.warn dnsmasq[2146]: reducing DNS packet size for nameserver 127.0.0.1 to 1280
Tue Jul 21 12:32:08 2020 daemon.warn dnsmasq[2146]: reducing DNS packet size for nameserver 127.0.0.1 to 1280

Can anyone help me identify what the problem is?
My router has two APs wired to it, and 2 VLANs for iot and guest. Here is my DHCP config file:

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'
        option noresolv '1'
        list server '127.0.0.1#5453'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config host
        option mac 'XX:XX:XX:XX:XX:XX'
        option leasetime 'infinite'
        option dns '1'
        option name 'WNDR3700'
        option ip '192.168.1.2'

config host
        option mac 'XX:XX:XX:XX:XX:XX'
        option leasetime 'infinite'
        option dns '1'
        option name 'AC2600'
        option ip '192.168.1.3'

config dhcp 'iot'
        option start '100'
        option limit '150'
        option interface 'iot'
        option leasetime '24h'

config dhcp 'guest'
        option start '100'
        option limit '150'
        option interface 'guest'
        option leasetime '24h'

config host
        option mac 'XX:XX:XX:XX:XX'
        option leasetime 'infinite'
        option dns '1'
        option name 'raspberrypi'
        option ip '192.168.1.108'

Try changing this back to normal.

Reasoning: https://www.snbforums.com/threads/lots-of-syslogs-for-reducing-dns-packet-size-for-nameserver.55528/

(I know this isn't odhcpd, but some IPv6 DNS functions/settings actually go to dnsmasq.)

What is considered a "normal" loglevel?

Removing the line.

There's a workaround and the reply of the Dnsmasq leading developer.


@lleachii deleting the line:

did not work.

@vgaetera the article you sent suggests adding "edns-packet-max=1280" to the " dnsmasq custom config". Does that mean just adding that line under "config dnsmasq" in /etc/config/dhcp ?

Also, does the warning in my system log indicate something harmful? I don't know enough to understand if this is something that needs to be fixed, or if it is just inconvenient that the warning keeps spamming my log.

OpenWrt-specific configuration:

uci set dhcp.@dnsmasq[0].ednspacket_max="1280"
uci commit dhcp
/etc/init.d/dnsmasq restart

Generally, warnings are not critical and can be ignored more or less safely.
However, some ISPs do not respect your privacy and use DNS hijacking.
In this case you can utilize DNS encryption to protect your DNS traffic.

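One way to confirm that the `ednspacket_max` setting from the post above is present in the config and to measure how often the warning fires before and after the change, as an added example that is not part of the thread. The function names and the sample data are assumptions; on the router, feed the functions `/etc/config/dhcp` and the output of `logread` instead.

```shell
# Added example, not from the thread. Sample inputs are constructed from the
# log and config excerpts quoted in the posts above.

# Print ednspacket_max from a "config dnsmasq" section of a UCI dhcp file
# read on stdin, or "unset" when the option is absent.
uci_edns_max() {
    awk '
    $1 == "config" { in_dnsmasq = ($2 == "dnsmasq") }
    in_dnsmasq && $1 == "option" && $2 == "ednspacket_max" {
        gsub(/[^0-9]/, "", $3); val = $3      # drop the UCI quotes
    }
    END { print (val == "" ? "unset" : val) }'
}

# Summarise the warning per upstream from syslog lines on stdin. Output:
#   <nameserver> <reduced_size> <count> <first HH:MM:SS> <last HH:MM:SS>
edns_warning_summary() {
    awk '
    /dnsmasq\[[0-9]+\]: reducing DNS packet size for nameserver / {
        ns = size = ts = ""
        # Anchor on the fixed words so the syslog prefix layout is irrelevant.
        for (i = 1; i < NF; i++) {
            if ($i == "nameserver") ns = $(i + 1)
            if ($i == "to") size = $(i + 1)
            if ($i ~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]$/) ts = $i
        }
        if (!(ns in count)) first[ns] = ts
        count[ns]++; reduced[ns] = size; last[ns] = ts
    }
    END { for (ns in count) print ns, reduced[ns], count[ns], first[ns], last[ns] }
    ' | sort
}

sample_config() {
    printf '%s\n' "config dnsmasq" "        option noresolv '1'" \
        "        option ednspacket_max '1280'" "config dhcp 'lan'"
}

sample_log() {
    p='2020 daemon.warn dnsmasq[2146]: reducing DNS packet size for nameserver'
    printf '%s\n' "Tue Jul 21 12:18:31 $p 127.0.0.1 to 1280" \
        "Tue Jul 21 12:20:02 2020 daemon.info dnsmasq[2146]: using nameserver 127.0.0.1#5453" \
        "Tue Jul 21 12:22:44 $p 127.0.0.1 to 1280" \
        "Tue Jul 21 12:27:33 $p 127.0.0.1 to 1280"
}

sample_config | uci_edns_max        # 1280
sample_log | edns_warning_summary   # 127.0.0.1 1280 3 12:18:31 12:27:33
```

A nameserver of 127.0.0.1 in the summary points at the local forwarder configured with `list server '127.0.0.1#5453'`, not at an upstream on the internet.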

:smiley: @vgaetera that seems to have worked! Thank you.

As a follow-up, and again I don't know a ton about networking, I was also having issues with some IoT devices which were able to connect to my wireless APs and the appropriate VLAN, but were not reaching the internet. That has also been resolved now. Could the solution you provided have had an impact on those devices' ability to finally reach a DNS server outside the local network and function properly?

I don't know for sure because the same day I edited /etc/config/dhcp the way you suggested, I also installed dnsmasq-full. I'm not sure which of those actions solved my IOT device issues. Thanks again!


The setting applies to Dnsmasq, which should be your primary DNS server.
However, diagnosing a problem that has already disappeared is problematic. :sweat_smile:

lol, okay well thank you very much for the help with the actual problem!
